The vulnerability allows drive-by installs, so Firefox users could have been infected without knowing it. Norman calls the malware Belmoo and rates the threat risk "low." After exploiting the Firefox vulnerability, the malware creates an executable in the \Windows\temp directory and sets it to run at boot from the registry. The main task performed by the executable is to open up a connection through which a botmaster can control the system.
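The persistence pattern described above (an executable under \Windows\temp launched from a registry autostart entry) can be checked for on a suspect machine. The following is an added example, not code from Norman or from the original article: it assumes the autostart entries have already been exported as (key, value name, command) tuples, that the entry lives under a Run key (the article does not name the key), and that Windows is installed in C:\Windows; the sample entries are constructed.

```python
import ntpath
import re

# Assumed values for the variables that appear in autostart commands.
ENV = {"systemroot": r"C:\Windows", "windir": r"C:\Windows"}
WINDOWS_TEMP = ntpath.normcase(r"C:\Windows\Temp")

# Image path: quoted string, else text up to an executable extension, else first token.
_EXE = re.compile(
    r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|com|scr|bat|cmd|pif))(?=\s|$)|(\S+))',
    re.IGNORECASE,
)

def expand(command):
    """Expand %VAR% references using the assumed ENV table."""
    return re.sub(r"%([^%]+)%",
                  lambda m: ENV.get(m.group(1).lower(), m.group(0)), command)

def executable_of(command):
    """Return the normalised, lower-cased image path of an autostart command."""
    m = _EXE.match(expand(command))
    if not m:
        return ""
    path = next(g for g in m.groups() if g)
    # normpath resolves "..", so path tricks cannot hide or fake the directory.
    return ntpath.normcase(ntpath.normpath(path))

def in_windows_temp(command):
    return executable_of(command).startswith(WINDOWS_TEMP + "\\")

def suspicious_autoruns(entries):
    """entries: iterable of (key, value_name, command); returns flagged ones."""
    return [e for e in entries if in_windows_temp(e[2])]

# Constructed sample data, not taken from a real system or from the malware.
RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"  # assumed key
SAMPLE = [
    (RUN, "Updater", r'"C:\Program Files\Vendor\update.exe" /background'),
    (RUN, "svc1", r"C:\WINDOWS\Temp\svc1.exe"),
    (RUN, "svc2", r"%SystemRoot%\System32\..\temp\svc2.exe -q"),
    (RUN, "svc3", r"C:\Windows\Temp\..\System32\ctfmon.exe"),
    (RUN, "svc4", r'"%windir%\Temp\a b.exe"'),
]

if __name__ == "__main__":
    for key, name, command in suspicious_autoruns(SAMPLE):
        print(f"{key}\\{name} -> {command}")
```

A flagged entry is a lead for investigation rather than a verdict, since some installers legitimately stage files in temp directories during setup.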